The unattended-upgrades service fails during automatic package installation due to lock files, broken dependencies, or configuration issues. This prevents automatic security updates from completing.
This error occurs when the unattended-upgrades daemon encounters an issue while trying to automatically install or upgrade packages. The daemon runs in the background to keep your system secure by installing security patches without requiring manual intervention. When it encounters errors—such as locked dpkg files, broken package dependencies, configuration conflicts, or missing dependencies—it stops the installation process and logs the error. This means critical security updates may not be applied to your system. The error typically happens when: another apt process is running and locks the dpkg database, a previous upgrade was interrupted leaving the system in an inconsistent state, the package requires user interaction (like choosing between configuration file versions), or system dependencies are broken.
View the error log to understand what went wrong:
sudo cat /var/log/unattended-upgrades/unattended-upgrades.log | tail -50Also check the apt history:
sudo cat /var/log/apt/history.log | tail -30Look for specific error messages that indicate the root cause (lock files, broken dependencies, post-installation script failures, etc.).
If dpkg is in an inconsistent state from an interrupted upgrade:
sudo dpkg --configure -aIf configuration conflicts exist, force the old config to be kept:
sudo dpkg --force-confold --configure -aThen update package lists:
sudo apt updateRepair any broken or held packages:
sudo apt --fix-broken install
sudo apt --fix-missing installIf packages are held (marked to not be upgraded), list and review them:
sudo apt-mark showholdTo unhold a specific package:
sudo apt-mark unhold package-nameReinstall the package to ensure it's in a clean state:
sudo apt install unattended-upgrades -yIf that fails, force-remove and reinstall:
sudo apt remove --purge unattended-upgrades
sudo apt autoremove
sudo apt update
sudo apt install unattended-upgradesBefore relying on automatic upgrades, test the configuration:
sudo unattended-upgrade --dry-run --debugThis shows exactly what would be upgraded without making changes. Review the output for any errors or warnings.
Ensure the service is enabled and running:
sudo systemctl enable unattended-upgrades
sudo systemctl restart unattended-upgrades
sudo systemctl status unattended-upgradesCheck that it runs on the configured schedule. The service typically runs once per day (check /etc/apt/apt.conf.d/20auto-upgrades).
Configuration Management: Edit /etc/apt/apt.conf.d/50unattended-upgrades to control which package origins are allowed for automatic upgrades. Packages from unapproved sources will be held back even if updates are available.
Debug Mode: Add Unattended-Upgrade::Debug "true"; to /etc/apt/apt.conf.d/50unattended-upgrades to enable verbose logging. This helps identify the exact point where installation fails.
Automatic Reboot: If you enable automatic reboots, ensure the system is configured to notify users. Check the Unattended-Upgrade::Automatic-Reboot* settings in the configuration file.
Mail Notifications: If mail notifications are enabled, verify mailutils or bsd-mailx is installed. Failing mail delivery can cause the service to report errors even if upgrades succeeded.
Lock File Issues: If you see "/var/lib/dpkg/lock" errors, another process may be running. Wait for background updates to complete, or force-remove stale lock files only if you're certain no other apt processes are active: sudo rm -f /var/lib/dpkg/lock-frontend /var/lib/apt/lists/lock.
SELinux/AppArmor: On systems with mandatory access control, ensure unattended-upgrades has the necessary permissions to write logs and manage packages.
dpkg: serious warning: files list file for package 'package-name' contains empty filename
How to fix "files list file contains empty filename" in APT
E: Sub-process /usr/bin/dpkg returned an error code (2)
How to fix "Sub-process /usr/bin/dpkg returned an error code (2)" in APT
dpkg-divert: error: rename involves overwriting 'path' with different file
How to fix dpkg-divert rename conflicts in APT
E: Sub-process /usr/bin/dpkg returned an error code (1) during kernel installation
How to fix "dpkg returned an error code (1)" in APT kernel installation
dpkg: dependency problems prevent configuration of triggers
dpkg: dependency problems prevent configuration of triggers in apt